VerseLogic

The personal blog of Alan J Castonguay.

Wordpress OpenID Plugin

About

OpenID is an open, decentralized, free framework for user-centric digital identity. Applications may use OpenID to assert ownership over a given identity url. The wpopenid plugin lets visitors to a Wordpress blog quickly register, login, and leave comments using their OpenID Identity.

Download

• http://wordpress.org/extend/plugins/openid/
• http://willnorris.com/projects/wp-openid/
• http://diso.googlecode.com/svn/wordpress/

Installation

Installation of the plugin is simple. Like any Wordpress plugin, decompress the contents of the archive into /wp-content/plugins/ and Activate the plugin via the administation plugin panel. This plugin does not require any modification of core files or templates.

Dependencies and Compatibility

The Wordpress OpenID Plugin is designed for use with Wordpress versions 2.0.3 through 2.1. It may work with other versions, feedback is welcome. It was not designed with WPMU in mind, though future revisions may address this.

The plugin depends on JanRain’s excellent php consumer library version 1.2.1 or better. The latest version of the JanRain library is included with the plugin.

The JanRain library in turn relies upon GMP or BCMath support in PHP. If neither of these libraries are available, the JanRain library falls back to Dumb Mode.

The plugin was developed with GMP 4.1.4 and PHP 5.1.6, has been tested under PHP 4.3.10.

Troubleshooting

Meeting the above dependencies could be a bit of a trick. The plugin is designed to activate sufficiently to determine whether its dependencies are met, and inform the user of any deficiencies. For a full status report, see the Options->OpenID tab or php error_log file. Please include this information when reporting bugs.

Configuration

Once installed and activated, the plugin places two panels in the Administration interface. First and foremost, visit Options -> OpenID, and specify the Trust Root. It should probably be your blog’s url.

By default the plugin tries to modify the Login and Comment forms. The plugin cannot account for all themes, these two options are designed to quickly get the plugin working with the default Wordpress theme. For long term production use it is recommended to turn off one or both options and create proper form elements in the theme template files. An example of such modification is available in the README file.

Use

Visitors can quickly register or login with their Identity using the Login form. Upon successful authentication, a real local wordpress user is created to store the visitor’s profile. This user gains the default role permissions that any other newly registered user would. Additional OpenID Identity urls can be added to any Wordpress account, with equivalent permissions regardless of OpenID vs username/password authentication.

When hooked into an augmented comments form, visitors can quickly register or login with their identity directly within the comment submission loop. This was the primary focus of the plugin, and designed to be as seamless as possible for potential commenters.

Demonstration

Apart from the plugin being installed right here on Verselogic, there’s a live demonstration of the plugin, complete with wide open admin interface, at http://openid.verselogic.net/. The demo install and database will be rolled back periodically, so feel free to play with / break it. All comments, posts, and user accounts there are subject to removal without notice. Please make test posts there.

But what about…

Email addresses?

If no email address is available via the SREG profile extension, the plugin continues on happily, and the user has a blank email address in their profile. This causes certain email-centric Wordpress features to choke, like the only-moderate-once feature. It’s not optimal, but it works. wp_mail() already special cases a blank email address, so it doesn’t error out. The user can fill in an email address if they desire.

Passwords?

The password is generated using the same method that Wordpress normally uses for new users: substr( md5( uniqid( microtime() ) ), 0, 7). These passwords are rather short, and will probably be increased. Users can change their password at will.

Shoulders of Giants

A lot of people have done a lot of excellent work thus far. Thanks guys.

• Will Norris
• Dan Huntley “Scatman” @ scatmania.org
• Alexander Nikulin “snaky” @ the-notebook.org
• Eduardo Robles Elvira “edulix” @ edulix.videntity.org
• The JanRain Team
• The wp-hackers Team

Feedback

Problems installing? Bug reports? Feature requests? Compatibility issues? Just plain happy with the plugin? I’m glad to hear it! Either open a ticket in the sourceforge project, or send email to alan at this domain.

Disclaimer

This plugin is provided as-is. While I have made a good-faith attempt to introduce no security flaws, I accept not liability for damages or downtime incurred from it’s use. The source is available, and you are welcome to probe it for insecurities. I would appreciate notification of any such problems.

Powered by Hemingway flavored Wordpress.

 Structure is freedom, verse is logic, code is poetry.

Entries RSS Comments RSS